Posted on 10-23-2024 10:22 AM
We have 12 Patch Reporting smart groups set up using “Less Than” and the version we’re deploying. We deploy to 4 groups on different days: Alpha, Beta, UAT, Wave 1, and Wave 2 (Execs/Traders). One Deployment Day, I update each smart groups by adding the next test group using parentheses and the “or” option. We use AutoPkgr for package downloads but can’t use autopkg jamfuploaders due to DLP restrictions. We currently can’t have apps autoupdate and have to manage the updates on a monthly basis. Modifying the 12 groups takes about 15 minutes to do, but I’m looking for a more efficient solution.
This is how our smart groups being setup. Using Chrome as an example.
Application Smart Groups
Name: Monthly Patching - Google Chrome Update
Criteria: Patch Reporting Application name
Operator: Less than
Value: The current version we’re deploying. We have to manually change this each month.
Main Smart Group this list all 12 Patch reporting smart groups. Use an open/closed parathesis and the “or” option.
Name: Monthly Patching - A - All Apps
Criteria: Computer Group
Operator: member of
Value: Monthly Patching - Google Chrome Update
The 12 Policies are setup like this
Name: Update Google Chrome
Custom: We have a trigger set that another policy kicks off
Execution Frequency: Ongoing
Scope to: Monthly Patching - Google Chrome Update.
When a device updates, it drops out of the smart group, so it won't keep deploying
Kickoff Policy
Name: Update_All_Test
Recurring Check-in
Custom: UpdateAll
Scoped to: Monthly Patching - A - All Apps
This makes easy, so we only have to set the deployment time on one policy.
This contains a script that runs the trigger for each patching policies
When we kickoff policy Update_All_Test, it runs the script targeting the patching policies. Everything works, just looking for an easier way, so I don’t have to go in to each Patching Smart Group for every deployment.
Posted on 10-23-2024 01:11 PM
Based on your process, this sounds like an ideal scenario for using a script with the Jamf Pro API to quickly make updates to your smart groups. It would just take a few seconds if you're only needing to update a handful of groups.
Posted on 10-24-2024 09:48 AM
I'm not very familiar with how to use the Jamf API's. I'll do some reading on them. Thanks
Posted on 10-28-2024 07:31 AM
@talkingmoose I was doing some playing around with the API in our QA site. The below settings worked one time. I got the 202 code and the alpha group was now part of the chrome update. The issue I'm seeing is that the API is removing the Patch Reporting section which is needed and just adding Alpha. I also tried doing Beta and using the or option, but it just removed Alpha and only listed Beta. I'm guessing I'm doing something wrong.
Removed this part of the smart group.
Name: Monthly Patching - Google Chrome Update
Criteria: Patch Reporting Application name
Operator: Less than
{
"name": "Monthly Patching - Google Chrome Update",
"criteria": [
{
"name": "Computer Group",
"priority": 0,
"andOr": "and",
"searchType": "member of",
"value": "macOS_Alpha_Users",
"openingParen": false,
"closingParen": false
}
],
"siteId": "-1"
}
Posted on 10-28-2024 09:28 AM
I suspect you may be trying to update only specific pieces of the smart group.
You'll need to get the entire JSON for the smart group, add or change the JSON with your updates, and then use PUT in your Jamf Pro API call to upload the entire modified JSON back to the same group ID.
If that's not the issue, maybe post a screen shot of your smart group before you change it and then post a screen shot of what you'd like it to be.
10-28-2024 10:55 AM - edited 10-28-2024 12:46 PM
@talkingmoose Here is what our typical patching smart group looks like. On deployment days, we add the each test group. On the prod day, we remove the 3 test groups and then add another computer group using not a member of and add our executives. Then wave 2, we remove all computer groups. From some testing, it looks like I can't point to a patching software title. I'm currently trying to test by using application title and test groups.
Posted on 10-28-2024 02:43 PM
I'm able to get the groups added when using application title with has and with application version with the version we're deploying. Just copied the curl response and created a script and it worked. I'm getting closer to less steps, just need to figure out a way so I don't have to manually select the version that we're deploying. I was able to add couple together in a script with the help of AI. The problem I see now is the bearer token expires and it'll have to be changed for each section in the script.
Posted on 10-30-2024 12:07 PM
@talkingmoose
Here is where I'm at. I was able to create the first API, that adds that has our patch reporting title, less than and current version we're using and our alpha group using and option and member of. This works, when I deploy the update the device drops out of the group. I have a second API that now adds the Beta group using the or option and still has the alpha group. I set the opening parenthesis for alpha and the closing for beta like the example above, I get the below error. If there isn't a way around, I just use the API to just add the one group that is getting the deployment. This is also posted in jamf-api channel in slack.
"code": "INVALID_FIELD", "description": "Uneven number of opening and closing parenthesis",
Posted on 10-31-2024 08:14 AM
I copied what you posted above and after I added the dependency groups, your JSON worked for me.
If you're receiving a message about uneven parentheses, sounds like you're missing one somewhere. You might try using an online JSON validator to help you review you find it. There are several online.
For someone not very familiar with the Jamf Pro API, I can tell you've done a lot of homework.
If you can post your script online somewhere (GitHub has a nice "gists" feature) and post a link here, I'd be happy to take a look at the whole thing.
Posted on 11-05-2024 06:34 AM
I pasted the below, but switched the beta group to use the closingParen and Alpha to use the openParen in the a json validator and it said everything was fine. When I run it via our jamf/api site or from the jamf/ api script it creates for me, it says uneven. I'll post a script, but it's pretty much the settings below.
Posted on 10-30-2024 12:58 PM
Here is the body, I'm trying to use.
{
"name": "Monthly Patching - Google Chrome Update - A",
"criteria": [
{
"name": "Computer Group",
"priority": 1,
"andOr": "or",
"searchType": "member of",
"value": "macOS_Beta_Users",
"openingParen": true,
"closingParen": false
},
{
"name": "Computer Group",
"priority": 2,
"andOr": "and",
"searchType": "member of",
"value": "macOS_Alpha_Users",
"openingParen": false,
"closingParen": true
},
{
"name": "Computer Group",
"priority": 3,
"andOr": "and",
"searchType": "member of",
"value": "Monthly Patching - Google Chrome Update - B",
"openingParen": false,
"closingParen": false
}
],
"siteId": "-1"
}